Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

Installing firmware on an individual FortiGate-6000 FPC

Installing firmware on an individual FortiGate-6000 FPC

You may want to install firmware on an individual FPC to resolve a software-related problem with the FPC or if the FPC is not running the same firmware version as the management board. The following procedure describes how to transfer a new firmware image file to the FortiGate-6000 internal TFTP server and then install the firmware on an FPC.

  1. Copy the firmware image file to a TFTP server, FTP server, or USB key.

  2. To upload the firmware image file onto the FortiGate-6000 internal TFTP server, from the management board CLI, enter one of the following commands.

    • To upload the firmware image file from an FTP server:

      execute upload image ftp <image-file-and-path> <comment> <ftp-server-address> <username> <password>

    • To upload the firmware image file from a TFTP server:

      execute upload image tftp <image-file> <comment> <tftp-server-address>

    • To upload the firmware image file from a USB key:

      execute upload image usb <image-file-and-path> <comment>

  3. Enter the following command to install the firmware image file on to an FPC:

    execute load-balance update image <slot-number>

    where <slot-number> is the FPC slot number.

    This command uploads the firmware image to the FPC and the FPC restarts. When the FPC starts up, the configuration is reset to factory default settings and then synchronized by the management board. The FPC restarts again, rejoins the cluster, and is ready to process traffic.

  4. To verify that the configuration of the FPC has been synchronized, enter the diagnose sys confsync status | grep in_sy command. The command output below shows an example of the synchronization status of some of the FPCs in an HA cluster of two FortiGate-6301F devices. The field in_sync=1 indicates that the configuration of the FPC is synchronized.

    FPC6KFT018901327, Slave, uptime=615368.33, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=1
    F6KF31T018900143, Master, uptime=615425.84, priority=1, slot_id=1:0, idx=0, flag=0x10, in_sync=1 
    FPC6KFT018901372, Slave, uptime=615319.63, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=1
    F6KF31T018900143, Master, uptime=615425.84, priority=1, slot_id=1:0, idx=0, flag=0x10, in_sync=1
    FPC6KFT018901346, Slave, uptime=423.91, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=1

    FPCs that are missing or that show in_sync=0 are not synchronized. To synchronize an FPC that is not synchronized, log into the CLI of the FPC and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    The example output also shows that the uptime of the FPC in slot 3 is lower than the uptime of the other FPCs, indicating that the FPC in slot 3 has recently restarted.

    If you enter the diagnose sys confsync status | grep in_sy command before an FPC has completely restarted, it will not appear in the output. Also, the Configuration Sync Monitor will temporarily show that it is not synchronized.

Installing firmware on an individual FortiGate-6000 FPC

You may want to install firmware on an individual FPC to resolve a software-related problem with the FPC or if the FPC is not running the same firmware version as the management board. The following procedure describes how to transfer a new firmware image file to the FortiGate-6000 internal TFTP server and then install the firmware on an FPC.

  1. Copy the firmware image file to a TFTP server, FTP server, or USB key.

  2. To upload the firmware image file onto the FortiGate-6000 internal TFTP server, from the management board CLI, enter one of the following commands.

    • To upload the firmware image file from an FTP server:

      execute upload image ftp <image-file-and-path> <comment> <ftp-server-address> <username> <password>

    • To upload the firmware image file from a TFTP server:

      execute upload image tftp <image-file> <comment> <tftp-server-address>

    • To upload the firmware image file from a USB key:

      execute upload image usb <image-file-and-path> <comment>

  3. Enter the following command to install the firmware image file on to an FPC:

    execute load-balance update image <slot-number>

    where <slot-number> is the FPC slot number.

    This command uploads the firmware image to the FPC and the FPC restarts. When the FPC starts up, the configuration is reset to factory default settings and then synchronized by the management board. The FPC restarts again, rejoins the cluster, and is ready to process traffic.

  4. To verify that the configuration of the FPC has been synchronized, enter the diagnose sys confsync status | grep in_sy command. The command output below shows an example of the synchronization status of some of the FPCs in an HA cluster of two FortiGate-6301F devices. The field in_sync=1 indicates that the configuration of the FPC is synchronized.

    FPC6KFT018901327, Slave, uptime=615368.33, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=1
    F6KF31T018900143, Master, uptime=615425.84, priority=1, slot_id=1:0, idx=0, flag=0x10, in_sync=1 
    FPC6KFT018901372, Slave, uptime=615319.63, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=1
    F6KF31T018900143, Master, uptime=615425.84, priority=1, slot_id=1:0, idx=0, flag=0x10, in_sync=1
    FPC6KFT018901346, Slave, uptime=423.91, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=1

    FPCs that are missing or that show in_sync=0 are not synchronized. To synchronize an FPC that is not synchronized, log into the CLI of the FPC and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    The example output also shows that the uptime of the FPC in slot 3 is lower than the uptime of the other FPCs, indicating that the FPC in slot 3 has recently restarted.

    If you enter the diagnose sys confsync status | grep in_sy command before an FPC has completely restarted, it will not appear in the output. Also, the Configuration Sync Monitor will temporarily show that it is not synchronized.